Unfortunately, the days of Apple devices being “bullet-proof” from various security threats are long gone.
Although it’s true that they are probably still more secure than Android, the gap is rapidly narrowing. Issues such as the iCloud celebrity photo hack, the Find My Phone hijacking scam, and a growing number of malware threats have all undermined confidence in the ecosystem.
It is now more important than ever for iPhone and iPad owners to know about which threats they could encounter, and how to fix them if the worst happens.
We take a look at some of the most common:
XcodeGhost was first discovered in the fall of 2015 in China. It is a counterfeit build of Xcode (Apple’s official app development tool) that was circulated on third-party download sites; developers who used it instead of Apple’s official version unwittingly had malicious code compiled into every app they built.
Those apps were then submitted to the App Store, passed Apple’s review process, and were ultimately downloaded by end-users.
Luckily for European and North American users, most of the affected apps were in China’s App Store, though some (such as the popular business card scanner CamCard) were available in global stores. Between 40 and 350 apps were affected, depending on whose research you read. One of them was the highly popular Angry Birds 2, though Rovio quickly released a patch.
Apps infected with XcodeGhost collect information about the device, then encrypt it and upload it to the attacker’s servers. The collected data includes the app’s bundle identifier, the device’s name and type, the system language and country, the device’s UUID, and the network type.
Researchers also found that the malware could display a fake alert to phish user credentials, hijack the opening of URLs, and read and write the user’s clipboard.
In the aftermath of the discovery, Apple issued the following statement:
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
If you notice suspicious behavior while using your device, check the lists of affected apps that security researchers have published online. Delete or update any affected app (most developers rebuilt clean versions quickly), and change the passwords of any accounts you used in those apps, since a fake alert could have captured them.
Masque Attack was discovered by US-based security firm FireEye in late 2014.
The attack works by impersonating and replacing legitimate apps that are already installed on the device: users are lured into installing a seemingly legitimate app from outside of the App Store. The hook could take the form of a link to an “updated” app in a text message, a WhatsApp message, or an email.
Once the link is tapped, the malicious version of the app is installed over the original using an iOS enterprise provisioning profile, a mechanism intended for in-house corporate apps, which makes detection almost impossible for the average user.
Detection is further complicated by the fact that the real App Store version and the malicious version share the same bundle identifier, which is what lets the rogue app replace the genuine one.
According to FireEye, the risk is huge. Masque Attack could override banking and email apps and steal banking credentials, the original app’s local data (such as cached emails and login-tokens), and untold amounts of other private and confidential data.
Apple played down the threat, saying it knew of no customers who had actually been affected:
“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps.”
If you have been unlucky enough to fall victim, delete the malicious app, remove any enterprise profile you do not recognize (Settings > General > Profiles), and reinstall the official version from the App Store. Treat any credentials you entered into the fake app as compromised and change them.
Shortly before the Masque Attack revelations, the Trojan horse WireLurker was unearthed.
Like XcodeGhost, it originated in China. It had been operational for more than six months before its discovery, and upon its detection it was heralded as “a new era in malware attacking Apple’s desktop and mobile platforms” by Palo Alto Networks.
The Trojan was inserted into pirated Mac OS X software and then transferred to iDevices over a USB connection when they were plugged into the infected Mac. It could not spread directly from one iOS device to another.
After being downloaded more than 415,000 times, it holds the dubious distinction of being the largest outbreak of iOS malware on record.
The attack could target both jailbroken and non-jailbroken devices.
If installed on a jailbroken device, WireLurker uses Cydia Substrate to hook existing apps, steal personal details, the address book, and the victim’s phone number, and install additional malicious software.
If installed on a non-jailbroken device, the Trojan abuses the enterprise provisioning system, silently installing a provisioning profile visible under Settings, and uses it to install a third-party comic book app without the user’s consent.
The good news is that on a non-jailbroken device the payload is essentially benign. Sadly though, whether you’re jailbroken or not, the only way to be sure the problem is gone is to wipe your iDevice.
Before doing that you first need to ensure your Mac is not compromised, otherwise you will re-infect your iOS device as soon as you reconnect it to your machine. Thankfully, Palo Alto Networks released a Python script, WireLurkerDetector, that checks a Mac for known traces of WireLurker. The script can be found on GitHub.
Once that’s done, navigate to Settings > General > Reset on your iOS device. Select Erase All Content and Settings and restart your device. You will need to set up your device again, but all signs of the Trojan will be gone.
In early 2014, a vulnerability in Apple’s SSL/TLS code (the “goto fail” bug, CVE-2014-1266) was discovered. For those that don’t know, SSL/TLS is the technology used to create secure connections to websites.
The problem was a coding error, thought to have been introduced with iOS 6.0: a duplicated line in the handshake code skipped the step that verifies the server’s signature on the key exchange. An attacker positioned between the device and a website could therefore impersonate any HTTPS server, and the device would accept the connection as genuine.
Because the attacker sat in the middle of a connection the device believed was secure, it was trivial to read passwords, bank details, personal information, and other private data passing through it.
Public Wi-Fi hotspots were the easiest place to mount such an attack, because anyone on the network could position themselves between you and the internet, but any network path between the device and the server would do; a home or business network was not in itself a protection.
If you’re the type of person who never upgrades their operating system, you could be in trouble.
It’s easy to check: navigate to Settings > General > Software Update. If you’re using any iOS version prior to 7.0.6 you are exposed. If you have an older iDevice that cannot be updated to iOS 7 (for example, the iPhone 3GS or iPod Touch 4G), you need to make sure you are running at least iOS 6.1.6.
The problem also affected Macs. You need to be running at least OS X 10.9.2. If you are using anything prior to that, avoid using Safari and other apps that rely on the system’s SSL library for anything sensitive.
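The defect described above is easiest to see in code. The following is an added, deliberately toy model written for this page, not Apple’s SecureTransport source: the hash and “signature” are stand-ins (not cryptography) chosen so that the control-flow problem is visible, and the handshake bytes are constructed sample data. The vulnerable function has the same shape as the real one, a duplicated `goto fail;` that is not guarded by the `if` above it, so the signature check is never reached while the error code still says success.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of the SecureTransport "goto fail" defect (CVE-2014-1266), written
 * for this page; it is not Apple's code.  In the real function a duplicated
 * "goto fail;" made the jump unconditional, so the hash was never finalised
 * and the server's signature was never checked, yet err still held 0 from the
 * last successful hash update and the handshake continued as if verified.
 */

/* Modern GCC -Wall (and clang 14+) flag this exact pattern via
 * -Wmisleading-indentation; the pragma only keeps the deliberately buggy
 * function compiling cleanly under -Werror. */
#if defined(__GNUC__) && !defined(__clang__)
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
#elif defined(__clang__) && __clang_major__ >= 14
#pragma clang diagnostic ignored "-Wmisleading-indentation"
#endif

typedef int OSStatus;
enum { noErr = 0, errSSLCrypto = -9809 };

/* Constructed handshake sample: server random and the signed parameters. */
static const uint8_t SAMPLE_RANDOM[] = { 0x01, 0x02, 0x03, 0x04 };
static const uint8_t SAMPLE_PARAMS[] = { 0x09, 0x09, 0x09 };

/* Stand-in for SSLHashSHA1.update: fold bytes into a running value. */
static OSStatus hash_update(uint32_t *h, const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        *h = (*h * 31u) + buf[i];
    return noErr;
}

/* Stand-in for SSLHashSHA1.final. */
static OSStatus hash_final(const uint32_t *h, uint32_t *out)
{
    *out = *h ^ 0x5a5a5a5au;
    return noErr;
}

/* Stand-in signature check: valid iff the "signature" equals the digest.
 * A genuine server can produce it; a man-in-the-middle cannot. */
static OSStatus sig_verify(uint32_t digest, uint32_t signature)
{
    return digest == signature ? noErr : errSSLCrypto;
}

/* The signature a legitimate server would send for the sample, or a forgery. */
static uint32_t sample_signature(int forged)
{
    uint32_t h = 0, out = 0;
    hash_update(&h, SAMPLE_RANDOM, sizeof SAMPLE_RANDOM);
    hash_update(&h, SAMPLE_PARAMS, sizeof SAMPLE_PARAMS);
    hash_final(&h, &out);
    return forged ? out ^ 0xdeadbeefu : out;
}

/* Vulnerable shape: the second "goto fail;" is not guarded by the if, so it
 * always runs, skipping hash_final() and sig_verify() with err still noErr. */
OSStatus verify_vulnerable(uint32_t signature)
{
    OSStatus err;
    uint32_t h = 0, out = 0;

    if ((err = hash_update(&h, SAMPLE_RANDOM, sizeof SAMPLE_RANDOM)) != 0)
        goto fail;
    if ((err = hash_update(&h, SAMPLE_PARAMS, sizeof SAMPLE_PARAMS)) != 0)
        goto fail;
        goto fail;                          /* the duplicated line */
    if ((err = hash_final(&h, &out)) != 0)
        goto fail;
    err = sig_verify(out, signature);

fail:
    return err;
}

/* Fixed shape: Apple's fix was simply to delete the stray line. */
OSStatus verify_fixed(uint32_t signature)
{
    OSStatus err;
    uint32_t h = 0, out = 0;

    if ((err = hash_update(&h, SAMPLE_RANDOM, sizeof SAMPLE_RANDOM)) != 0)
        goto fail;
    if ((err = hash_update(&h, SAMPLE_PARAMS, sizeof SAMPLE_PARAMS)) != 0)
        goto fail;
    if ((err = hash_final(&h, &out)) != 0)
        goto fail;
    err = sig_verify(out, signature);

fail:
    return err;
}

/* run_*(1) presents a forged signature, run_*(0) the genuine one. */
OSStatus run_vulnerable(int forged) { return verify_vulnerable(sample_signature(forged)); }
OSStatus run_fixed(int forged)      { return verify_fixed(sample_signature(forged)); }

int main(void)
{
    printf("vulnerable, forged signature: %d\n", run_vulnerable(1)); /* 0: accepted */
    printf("fixed, forged signature:      %d\n", run_fixed(1));      /* -9809 */
    printf("fixed, genuine signature:     %d\n", run_fixed(0));      /* 0 */
    return 0;
}
```

The vulnerable function returns success for a forged signature, which is exactly what let a man-in-the-middle pass as any HTTPS server. Two practical lessons follow: always brace single-statement `if` bodies so a duplicated line cannot silently escape the condition, and compile with warnings enabled, since the misleading-indentation warning that modern compilers ship would have caught this at build time.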
Lock screen bypasses are nothing new. Android phones have been afflicted by them in the past, and Apple’s iDevices were also exposed in March 2013.
In September 2015, however, a new bypass surfaced on iOS 9 devices. It allowed anyone with physical access to reach the phone’s Messages app, contacts, and photos without entering the passcode. Apple fixed it in iOS 9.0.2.
The process is very simple: enter an incorrect passcode four times, and on the fifth attempt hold the Home button. When Siri opens, ask it to open the Clock app. From the clock, press + to bring up the city search field, and from there reach the data through the text-selection and sharing menus.
Only devices protected by four- or six-digit passcodes are vulnerable to the hack; if you use a longer alphanumeric password, you will remain unaffected.
Thankfully, access is partial and not every part of iOS is in play. Nonetheless, people regularly take screenshots of private information such as bank statements, flight details, and various personal accounts, and all of that would be viewable.
There are three obvious solutions.
Firstly, you should immediately change to an alphanumeric passcode. Secondly, you can prevent Siri from being accessed from the lock screen (Settings > Touch ID & Passcode > Allow Access When Locked > switch Siri off). Finally, you should always ensure you are running the latest version of the operating system so that flaws are fixed as soon as patches become available.
Have you been unlucky enough to fall victim to any of the hacks we mentioned? Perhaps you know about some other dangerous hacks that are more aggressive than the ones we covered?
As always, we’d love to hear from you. You can get in touch via the comments section below.
Image Credits: Bloody hands by RAYBON via Shutterstock